This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
- # announcements (6)
- # architecture (5)
- # aws (4)
- # beginners (79)
- # boot (3)
- # boot-dev (7)
- # calva (21)
- # cider (17)
- # cljdoc (12)
- # clojure (83)
- # clojure-art (2)
- # clojure-belgium (2)
- # clojure-brasil (1)
- # clojure-estonia (2)
- # clojure-europe (3)
- # clojure-finland (5)
- # clojure-india (2)
- # clojure-italy (49)
- # clojure-losangeles (1)
- # clojure-nl (12)
- # clojure-spec (120)
- # clojure-sweden (2)
- # clojure-switzerland (4)
- # clojure-uk (31)
- # clojurescript (80)
- # data-science (17)
- # datavis (2)
- # datomic (31)
- # emacs (31)
- # figwheel-main (28)
- # fulcro (6)
- # jobs (2)
- # liberator (7)
- # luminus (1)
- # nrepl (2)
- # off-topic (51)
- # overtone (2)
- # pathom (4)
- # re-frame (28)
- # reitit (1)
- # rum (6)
- # shadow-cljs (26)
- # specter (2)
- # tools-deps (33)
- # yada (3)
Is there anything remotely similar to Meteor in Clojure? I mean, a framework to make realtime apps quickly.
Not sure natively, but I like the prospect. Considering Mr. Clean is on the radar for a react preplacement, there's a lot of potential for something like this.
Fulcro+Pathom+Workspaces is a really nice workflow! Has all the plumbing you need for sockets, etc. If you're more adventurous and this is a totally greenfield project, Nikolas Gobel just gave a really amazing talk on his work on 3df: https://www.youtube.com/watch?v=ZgqFlowyfTA
I am indeed looking into writing or using such a system and try to put all the pieces together. I was wondering about what I should use as a reactive data query language.
Datascript, Pathom, D2Q, EQL and QLKit are on my to-read list, and now this video too.
Yeah, its' really awesome how many people are working in this space right now, with great results! Another to investigate is https://github.com/metasoarous/datsync . Chris is doing fantastic work on this as well.
Anyone planning on mass producing this mug? https://c1.staticflickr.com/6/5049/5340632301_e930830d72_b.jpg
Rich usually does not grant use of the logo for stuff like this
not licensed, it’s a trademark. generally Rich does not grant its use for products for sale.
Well if Cognitect plans on mass producing it please make a coffee version too
Do you also include the
WARNING: Wrong number of args (2) passed to transduce?
Dunno if this is a well-discussed point already, but aren't tools.deps "git dependencies" inherently more secure than Mavencentral/Clojars? The problem I see with clojars (and rubygems, and npm) is that there's no guarantee that a release artifact corresponds in any way to a git "release" (tag or commit) So, my-clojars-release 2.1.1 could distribute evil or buggy stuff that my-git-release 2.1.1 does not reflect There are multiple possible bad scenarios: - library author is evil, pushed hidden stuff in his jar - library author's machine is compromised, he unknowingly pushes evil stuff - clojars or mavencentral are compromised, and release 2.1.1 is mutated with evil stuff (releases are immutable for library authors, but not for repositories, I would guess) I tried to play with the idea of adding a "verification sha" to clojars dependencies, but I believe checking a .jar's sha would involve git cloning the repo... which is a roundabout way of doing what tools.deps already does Thoughts? More specifically: would there be any downsides for using "git deps" whenever possible (other than for Java stuff)?
THANK YOU! I've been wondering this same thing from the start of working with npm/nuget/maven/whatever. My stomach drops every time I
npm install something, but everyone does it so it must be fine right :face_with_rolling_eyes:
Git is not that safe. If is not a signed commit, I can change/fake the remote and deliver any "code"
But, tools.deps specifications go against SHAs. So if you checked that [email protected] is safe, nothing can change that
Did you really check that all commits up to [email protected] are safe? ;] Without signed commits, a safe commit SHA theoretically can have a collision with a compromised one. But more likely, a compromised repo will have unsigned commits that were spoofed to look authentic from the original author (and don’t we all just grab the latest from master / readme)? There was an interesting thought experiment posted in 2012 that is relevant: https://mikegerwitz.com/papers/git-horror-story
> Did you really check that all commits up to [email protected] are safe? checking the file tree (as of <sha>) is enough? especially for small-to-medium libraries. Will read the article regardless!
I can’t speak to that, but this excellent piece has more on those concerns: https://hillelwayne.com/post/stamping-on-eventstream/
I feel like rpc/messaging passing is what is used everywhere else, but as soon as you want to talk over http, rest comes up, and like, why? if rest isn't so great that you are trying to bring all your non-http apis to it, then why saddle your http apis with it?
Ah, I did take the laptop — mucho $$$ plus I don’t want company IT having a say in what I have on my personal machine.
I am thinking of getting paid version of tableplus and robo 3t but it would be out of pocket
database software seems to me to be something work should pay for. are they unwilling?
they might. you also might introduce a tool to the team that makes everyone more productive